Privacy Policy

What we collect

When you create a Haven account we collect your first name, your role onboard, and an optional vessel name. If you provide an emergency contact, we store their name, relationship to you, and contact details.

While you use the app, we store your daily check-in scores (regulation, rest, connection), the content of your reflection sessions including the messages exchanged with the AI companion, session summaries, breathing exercise records, and the pre and post regulation scores attached to each session.

We also store standard technical data required to run a web application: your email address (for authentication), session tokens, and basic usage logs.

How we use it

Your data is used to run the app: to show you your history, personalise the AI companion's opening messages with context from your previous sessions, and generate the trends visible on your Bearings screen.

If your vessel has a captain using the Haven captain dashboard, aggregated and anonymised crew data (average scores across the vessel, not individual scores) may inform the metrics they see. Your captain never sees your name attached to any score, never sees the content of your sessions, and never sees your individual check-in numbers.

If you submit a report to your captain through the reporting tool, the category, description, and anonymity level you chose are shared with your captain exactly as you submitted them. That is the only exception.

We do not sell your data. We do not share it with your management company, your owner, or any third party beyond the service providers listed below.

What your captain sees, and what they don't

The captain dashboard shows vessel-level aggregates: average regulation, rest, and connection scores across the crew, engagement rates, and anonymised reflection themes. This data is only visible when five or more crew members are actively using the app, to prevent any individual from being identifiable.

Your captain never sees: your session transcripts, your individual check-in scores, your regulation slider readings, your pre or post scores from breathing exercises, or anything you type in the reflection companion.

The emergency contact you add during onboarding is visible only to you. Your captain cannot access it.

The AI companion

The reflection companion is powered by Anthropic's Claude. Your session messages are sent to Anthropic's API to generate responses. Anthropic's usage policies prohibit them from using API data to train their models. Your session content is not used to improve AI systems.

Session content sent to the API is processed in transit and not stored by Anthropic beyond what their standard infrastructure logs require for debugging, which are subject to their own retention policies.

Summaries of your sessions (themes, key takeaways, emotional state) are generated by the API at the end of each session and stored in your Haven account. These summaries are used to provide continuity between sessions (so the companion can reference what you last explored) and to populate your Bearings screen.

Analytics

We use PostHog, hosted on EU servers, to understand how the app is being used at a product level. This includes events like screen views, feature interactions, and session completions. We do not send session content or personal identifiers to PostHog.

The website uses Vercel Analytics and Speed Insights, which collect anonymised performance and visitor data. No personally identifiable information is sent.

Data storage and security

Your data is stored in Supabase, a PostgreSQL database hosted on infrastructure in the EU. All data is encrypted at rest and in transit. Row-level security policies mean each user can only access their own data.

Authentication is handled by Supabase Auth using either magic links (emailed one-time links) or Google OAuth. We do not store passwords.

Haven is a small team. A limited number of people have administrative access to the database, strictly for the purpose of running and maintaining the service.

Your rights

Under GDPR and applicable UK and EU data protection law, you have the right to access the personal data we hold about you, the right to correct inaccurate data, the right to request deletion, the right to data portability, and the right to object to certain processing.

To exercise any of these rights, email us at hello@havenmental.health. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority if you believe we have handled your data unlawfully.

How to delete your data

You can delete your entire account and all associated data from the Profile screen inside the Haven app. Tap your profile, scroll to the bottom, and select Delete Account. This action is immediate and irreversible. All sessions, check-ins, scores, summaries, and your profile are permanently removed from our systems.

If you have difficulty accessing the app or want to request deletion directly, email hello@havenmental.health and we will complete the deletion within 7 days.

Changes to this policy

We will update this page if our data practices change in any meaningful way. If changes affect how your data is used, we will notify you by email before they take effect.

This policy was last updated on 2 June 2026.

Contact

Questions about this policy or how we handle your data: hello@havenmental.health.

Haven Mental Health Ltd. Registered in England and Wales.